mirrors/flac
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

src/libFLAC/stream_decoder.c : Fix buffer read overflow.

Browse Source 
This is CVE-2014-8962.

Reported-by: Michele Spagnuolo,
             Google Security Team <mikispag@google.com>
This commit is contained in:
Erik de Castro Lopo 2014-11-18 07:20:25 -08:00
parent d8d171705a
commit 5b3033a2b3
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libFLAC/stream_decoder.c
View File

@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
* *
***********************************************************************/ ***********************************************************************/
static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' }; static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
/*********************************************************************** /***********************************************************************
* *
@ -1361,6 +1361,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
id = 0; id = 0;
continue; continue;
} }
if(id >= 3)
return false;
if(x == ID3V2_TAG_[id]) { if(x == ID3V2_TAG_[id]) {
id++; id++;
i = 0; i = 0;